1. Field of the Invention
The present invention relates generally to computer systems, and more particularly but not exclusively to computer network security.
2. Description of the Background Art
As is well known, computers may communicate with one another over a computer network. For example, a company, organization, or household may have a private computer network for file storage, working on collaborative projects, sharing computer resources, and other network-related activities. Computers in a private computer network may also communicate with other computers outside the private computer network. For example, a private computer network may be coupled to the Internet to allow computers in the private computer network to receive e-mails, files, and other data from external computers. Coupling a private computer network to the Internet, however, exposes the private computer network to security threats. Such network security threats include malicious codes (e.g., virus, worm, Trojans, spywares, phish wares), unsolicited information (e.g., spam), and unauthorized intrusions by hackers.
Private computer networks may be defended against network security threats by performing firewall and antivirus functions at gateways or other network entry points. However, because of the high rate at which data pass through a network entry point, network security-related functions must also be performed relatively fast. Otherwise, these network security-related functions become a bottleneck and degrade network performance. Conventional approaches to network security typically sacrifice thoroughness for speed or vice versa. For example, a network security apparatus may limit the amount of malicious code scanning to improve data transfer rates.
Therefore, there is a need for a network security method and apparatus that provide relatively thorough network security functions while minimizing impact on data transfer rates across the network.